import { textUtil } from "@grafana/data";
import { config } from "@grafana/runtime";

const CSP_REPORT_ONLY_ENABLED = config.bootData.settings.cspReportOnlyEnabled;

export const defaultTrustedTypesPolicy = {
  createHTML: (string: string, source: string, sink: string) => {
    if (!CSP_REPORT_ONLY_ENABLED) {
      return string.replace(/<script/gi, "&lt;script");
    }
    console.error(
      "[HTML not sanitized with Trusted Types]",
      string,
      source,
      sink
    );
    return string;
  },
  createScript: (string: string) => string,
  createScriptURL: (string: string, source: string, sink: string) => {
    if (!CSP_REPORT_ONLY_ENABLED) {
      return textUtil.sanitizeUrl(string);
    }
    console.error(
      "[ScriptURL not sanitized with Trusted Types]",
      string,
      source,
      sink
    );
    return string;
  },
};

if (
  config.bootData.settings.trustedTypesDefaultPolicyEnabled &&
  window?.trustedTypes?.createPolicy
) {
  window.trustedTypes.createPolicy("default", defaultTrustedTypesPolicy);
}
